US may use sanctions to punish Russia for election hacking

The U.S. response to election-related hacks that the Obama administration now blames on the Russian government could include sanctions against that country.

The administration has said that it has a range of options, including economic sanctions, to respond to Russian cyber attacks. On Friday, a Republican lawmaker said he would propose legislation to move those sanctions forward.

Senator Cory Gardner, who represents Colorado, said his planned legislation would mandate that the U.S. government investigate Russian cyber criminals and sanction them when appropriate.

"Russia’s interference with American democracy is a direct threat to our political process," Gardner said in a statement.

Gardner's comments came after U.S. intelligence agencies pointed a finger at Russia for recent cyber attacks in which sensitive emails from U.S. officials and institutions were leaked. Russia initiated those attacks in an attempt to tamper with this year's U.S. presidential election, the agencies said.

Gardner's legislation would be similar to measures the U.S. took early last year to punish North Korea for its alleged hack of Sony Pictures. Sanctions were placed against 10 North Koreans and three groups in the country, denying them access to the U.S. financial system.

The Obama Administration still hasn't said it will take any action against Russia. But in July, the White House suggested that sanctions could be a way for the U.S. to respond.

"We have a full range of options available to us in the government," said White House press secretary Eric Schultz at the time. "That includes economic sanctions out of Department of Treasury."

Schultz said the U.S. Department of Defense and the Department of Justice also could take action.

However, Chase Cunningham, director of cyber operations at security provider A10 Networks, doubts that the U.S. will respond in any meaningful way.

Although U.S. intelligence agencies have publicly blamed Russia for the election-related hacks, Friday's statement was made late in the afternoon, when people would be preparing for the weekend and might not be paying attention. That suggests the U.S. government wanted to downplay the allegations, he said.

"We have an election going on, and a president almost out of office," Cunningham said. "Nothing is going to happen. People will point fingers, but that won't really change anything."

However, it's rare for the U.S. to blame Russia for cyber attacks. Friday's statement came from an investigation done by the U.S. Intelligence Community, a group that includes 16 different government agencies including the CIA and FBI.

"When you have multiple agencies agree on something, you can take it to bank that this was thoroughly investigated," Cunningham said.

In the meantime, Cunningham expects more election-related hacks during the remaining weeks until the Nov. 8 vote. The U.S. intelligence agencies allege that sites including WikiLeaks are being used by the Russian government to leak sensitive files on U.S. officials and political groups.

On Friday, WikiLeaks released emails that allegedly were taken from a Hillary Clinton aide.

The Russian government has repeatedly denied any involvement in the hacks.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.